Vodafone Italia SpA
Issued by Garante per la Protezione dei Dati Personali on 2020-11-12
What happened
Italy's Garante fined Vodafone Italia €12.25 million for systematic unlawful telemarketing practices affecting millions of individuals. The investigation revealed that Vodafone made unsolicited promotional calls to individuals who had not given consent, including people registered on Italy's do-not-call list (Registro Pubblico delle Opposizioni). The company used contact lists acquired from external data brokers without verifying that valid consent had been obtained. Vodafone also failed to honor opt-out requests from data subjects who explicitly objected to marketing calls. The DPA found a systemic pattern of non-compliance across Vodafone's marketing operations and its network of third-party call centers.
Articles violated
Lessons learned
Telemarketing requires explicit, verifiable consent from each individual. Companies cannot rely on third-party data brokers' assurance of consent — they must verify consent independently. Do-not-call registries must be respected, and opt-out requests must be processed promptly across all marketing channels. Outsourcing marketing to call centers does not transfer data protection responsibility. The controller remains liable for the processing activities of its processors.
Source
View original decisionDisclaimer: This summary is for informational purposes only and does not constitute legal advice. Refer to the original decision for complete details.
Get enforcement alerts for Telecommunications
We track GDPR fines across Europe. Enter your email to get notified about new enforcement actions.
Related enforcement actions
Telekall Infoservice
Autoridade Nacional de Proteção de Dados (ANPD) · Consent Violation
Read caseCosmote Mobile Telecommunications (OTE Group)
Hellenic Data Protection Authority (HDPA) · Data Breach
Read caseWind Tre SpA
Garante per la Protezione dei Dati Personali · Consent Violation
Read case